What is the Cybersecurity and Infrastructure Security Agency (CISA) and what does it do?

With cybersecurity threats surging globally, organizations such as the US Cybersecurity and Infrastructure Security Agency (CISA) play a critical role in keeping businesses informed and reacting to incidents.

CISA operates in a similar fashion to the UK’s National Cyber Security Centre (NCSC) . Whereas the NCSC is a division of GCHQ, CISA falls under the operational umbrella of the Department of Homeland Security (DHS).

Fundamentally, it’s a federal agency dedicated to securing national security and ensuring the resilience of federal agencies.

But its role isn’t limited to protecting government departments. The agency works closely with industry partners spanning a range of sectors to reduce the threats posed by hackers to both digital and physical infrastructure.

Officially launched in 2018, the agency now has thousands of employees working to protect national security in cyberspace, and works closely with other US security and defense agencies.

Since launching, its responsibilities have expanded greatly in response to the growing threats posed by cyber criminals and state-backed threat groups .

Here’s everything you need to know about CISA.

What does CISA do?

CISA’s self-stated objective is to create a “secure and resilient critical infrastructure for the American people”.

What this means is that the agency leads up national efforts to uncover and contend with dangers to cyber and physical infrastructure. The agency’s three main mission areas span cyber security, infrastructure security, and emergency communications.

When a US business or organization falls victim to a cyber attack, CISA provides vital support to help alleviate the impact. The agency acts in a similar fashion to the NCSC in this regard, collaborating with relevant law enforcement agencies and industry stakeholders.

CISA’s role isn’t limited to response, however. The agency provides a range of information sharing services aimed at enabling businesses to keep up with emerging security threats.

The agency is split into seven distinct, yet collaborative, divisions. These include the Cybersecurity Division, the Infrastructure Division, the Emergency Communications Division, and the Stakeholder Engagement Division.

Other divisions with CISA include the Integrated Operations Division, the National Risk Management Center, and the Mission Enabling Offices.

Information sharing and threat alerts

IT professionals may know CISA best for its cyber threat alert service. As part of its role, the agency issues regular warnings to businesses about emerging cybersecurity threats, as well as breaches, and vulnerability disclosures by businesses, known as the known exploited vulnerability (KEV) list .

The KEV list plays a critical role in keeping businesses and security practitioners informed about all the latest threats they could face in daily operations.

As part of the service, this also includes recommendations from CISA on how organizations can mitigate risks and how to patch vulnerabilities .

Certifications and training schemes

Much like its UK counterpart, CISA offers training and education on cyber security for a wide range of people, including federal employees, private sector cyber professionals, educators, and the general public.

These training schemes are aimed at bolstering awareness of cybersecurity and helping to deliver what the agency describes as the “cyber-ready workforce of tomorrow”.

With cyber security skills shortages continuing to plague organizations globally, these schemes play a vital role in helping bolster broader awareness of this profession and subject area - and also to help keep the public safe and informed about security risks.

There are a number of CISA-led exercises available to both organizations and individuals, all of which are aimed at providing practical, real-world skills to contend with threats and to improve best practice.

Integrate financial products into third-parties

This includes ‘Tabletop Exercise Packages’ , which are practical sessions designed to arm industry stakeholders with the tools and technical knowledge to respond to cybersecurity incidents.

Other schemes include incident response training , which is available for free and accessible to the general public. This provides participants at beginner and intermediate levels to improve their cybersecurity awareness, and includes hands-on training courses.

A full list of CISA training schemes can be found here .

Who leads CISA?

CISA’s inaugural leader was Christopher Krebs, who served as director from November 2018 until November 2020, when he was fired by former president Donald Trump for disputing electoral fraud claims in the 2020 presidential election.

The agency’s current director is Jen Easterly, who was nominated by President Biden to take up the position in April 2021, and shortly after was confirmed by the Senate .

A US Army veteran, Easterly worked as a special assistant to former President Barack Obama and served as senior director for counterterrorism on the US National Security Council.

After serving in government, Easterly held senior roles at Morgan Stanley; first as head of firm resilience, then later as the financial institution’s first global head of the Morgan Stanley Cybersecurity Fusion Center.

As part of her role as director, Easterly leads CISA’s operations alongside the executive leadership team, which includes:

• Nitin Natarajan, deputy director
• Brandon Wales, executive director
• Kathryn Coulter Mitchell, chief of staff